Vulnerability Details CVE-2016-7200
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.899
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 7.6
Proposed Action
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html
- http://www.securityfocus.com/bid/93968
- http://www.securitytracker.com/id/1037245
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129
- https://github.com/theori-io/chakra-2016-11
- https://www.exploit-db.com/exploits/40785/
- https://www.exploit-db.com/exploits/40990/
- http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html
- http://www.securityfocus.com/bid/93968
- http://www.securitytracker.com/id/1037245
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129
- https://github.com/theori-io/chakra-2016-11
- https://www.exploit-db.com/exploits/40785/
- https://www.exploit-db.com/exploits/40990/
Products affected by CVE-2016-7200
-
cpe:2.3:a:microsoft:edge:-
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1511:-
-
cpe:2.3:o:microsoft:windows_10_1607:-
-
cpe:2.3:o:microsoft:windows_server_2016:-